EP3046306B1 - Information processing apparatus capable of performing ssl communication, method of controlling the same, and storage medium - Google Patents

Information processing apparatus capable of performing ssl communication, method of controlling the same, and storage medium Download PDF

Info

Publication number
EP3046306B1
EP3046306B1 EP16151010.2A EP16151010A EP3046306B1 EP 3046306 B1 EP3046306 B1 EP 3046306B1 EP 16151010 A EP16151010 A EP 16151010A EP 3046306 B1 EP3046306 B1 EP 3046306B1
Authority
EP
European Patent Office
Prior art keywords
information
certificate
processing apparatus
information processing
issuing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP16151010.2A
Other languages
German (de)
English (en)
French (fr)
Other versions
EP3046306A1 (en
Inventor
Shinichi Uchikawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Inc filed Critical Canon Inc
Publication of EP3046306A1 publication Critical patent/EP3046306A1/en
Application granted granted Critical
Publication of EP3046306B1 publication Critical patent/EP3046306B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/64Self-signed certificates

Definitions

  • the present invention relates to an information processing apparatus, a method of controlling the same, and a storage medium, and more particularly to an information processing apparatus that performs SSL communication, a method of controlling the same, and a storage medium.
  • an MFP multifunction peripheral
  • an SSL server certificate for performing SSL communication uses SSL communication for communicating encrypted data so as to prevent information from leaking from the data being transmitted or received.
  • the MFP is equipped with the function of issuing an SSL server certificate for performing SSL communication, and the SSL server certificate is issued as a self-certificate of the MFP, which includes a common name for identifying the MFP as a self-certifying object.
  • the common name is set based on information for identifying the MFP, which is included in URL information used for performing network communication including SSL communication between a client PC and the MFP (hereinafter referred to as the "identification information of the MFP").
  • the identification information of the MFP for example, one of an IP address, an FQDN (Fully Qualified Domain Name), and an mDNS (Multicast DNS) name of the MFP is used.
  • the MFP transmits the SSL server certificate in response to a notification transmitted from the client PC for requesting execution of SSL communication. Then, if the common name of the acquired SSL server certificate does not correspond to, in other words, for example, does not match the identification information of the MFP, the client PC displays a warning on a display screen thereof without performing SSL communication.
  • the identification information of the MFP not only the IP address of the MFP, but also the FQDN or the mDNS name is sometimes used as mentioned above, and hence when the SSL server certificate of the MFP, in which the IP address of the MFP at the initial startup time is set as the common name, is issued using the technique disclosed in Japanese Patent Laid-Open Publication No. 2009-200565 , there is a case where the common name of the SSL server certificate and the identification information of the MFP do not match each other. To cope with this, it is necessary to reissue the SSL server certificate having the common name changed, but when the common name is reset by a user, there is a case where a proper common name, i.e.
  • US 8,850,186 B2 discloses re-issuing a certificate for a printer device if the device's host name has changed.
  • the invention provides an information processing apparatus that is capable of setting proper identifying information for identifying the information processing apparatus, and performing SSL communication, a method of controlling the same, and a storage medium.
  • a non-transitory computer-readable storage medium storing a computer-executable program for causing a computer to execute a method of controlling an image forming apparatus as specified in claim 12.
  • the description will be given of a case where the invention is applied to an MFP as an information processing apparatus, but application of the invention is not limited to the MFP, and the invention can be applied to any other apparatus, insofar as it is an apparatus that is capable of issuing an SSL server certificate.
  • FIG. 1 is a schematic block diagram of a communication system 100 including an MFP 101 as an information processing apparatus according to a first embodiment of the invention.
  • the communication system 100 includes the MFP 101 (information processing apparatus), a client PC 102 (client apparatus), a DNS server 103, and a DHCP server 104, which are interconnected via a LAN 105.
  • MFP 101 information processing apparatus
  • client PC 102 client apparatus
  • DNS server 103 DNS server
  • DHCP server 104 DHCP server
  • the MFP 101 is equipped with various functions, such as a print function, a copy function, a scan function, and an SSL server certificate-issuing function, and is capable of performing network communication with the client PC 102, the DNS server 103, and the DHCP server 104, which are connected via the LAN 105.
  • the MFP 101 issues the SSL server certificate as a self-certificate of the MFP 101, and the SSL server certificate includes a common name (identifying information) for identifying the MFP 101 as a self-certifying object.
  • Various settings for issuing the SSL server certificate are made using a console panel 204, described hereinafter, provided on the MFP 101, or using the client PC 102.
  • the SSL server certificate is used when the MFP 101 performs SSL communication for communicating encrypted data via the LAN 105.
  • the client PC 102 performs HTTP communication with the MFP 101 using URL information including identification information for identifying the MFP 101. Further, the client PC 102 sends a request notification for requesting execution of SSL communication to the MFP 101, and acquires the SSL server certificate transmitted from the MFP 101 in response to the request notification, and when the common name included in the acquired SSL server certificate matches the identification information of the MFP 101, the client PC 102 performs SSL communication with the MFP 101.
  • the DHCP server 104 When performing LAN communication with various apparatuses connected to the LAN 105, the DHCP server 104 assigns, to each of the various apparatuses, identification information for identifying the apparatus, for example, a host name, a domain name, and an IP address.
  • the DNS server 103 associates the host name, the domain name, and the IP address, assigned by the DHCP server 104, with the apparatus.
  • FIG. 2 is a schematic block diagram of hardware of the MFP 101 appearing in FIG. 1 .
  • the MFP 101 includes a controller 201, a printer section 202, a scanner section 203, and the console panel 204, and the controller 201 is connected to the printer section 202, the scanner section 203, and the console panel 204.
  • the controller 201 includes a CPU 205, a ROM 206, a RAM 207, an HDD 208, a printer interface 209, a scanner interface 210, a console panel interface 211, a wireless LAN interface 212, and a wired LAN interface 213. These components are interconnected via a system bus 214.
  • the controller 201 controls the overall operation of the MFP 101.
  • the CPU 205 controls each of the components connected to the system bus 214.
  • the CPU 205 performs software modules 300 described hereinafter with reference to FIG. 3 , by executing control programs stored in the ROM 206 and the HDD 208, to thereby control the components connected to the system bus 214.
  • the RAM 207 is used as a main memory and a work area for the CPU 205.
  • the controller 201 may be provided with a plurality of CPUs and a plurality of RAMs, and perform various processes using these CPUs and RAMs.
  • the HDD 208 stores various data, various programs, and various information tables.
  • the printer interface 209 communicates with the printer section 202.
  • the scanner interface 210 communicates with the scanner section 203.
  • the console panel interface 211 communicates with the console panel 204.
  • the wireless LAN interface 212 performs wireless communication with each of client apparatuses, such as the client PC 102 and a mobile terminal, not shown, in response to a notification sent from the CPU 205 for performing wireless communication.
  • the wired LAN interface 213 performs wired communication with each of the client PC 102 and the like connected to the LAN 105 in response to a notification sent from the CPU 205 for performing wired communication via the LAN 105.
  • the wireless LAN interface 212 and the wired LAN interface 213 communicate execution data for executing various processes e.g. to and from the client PC 102. Further, the wireless LAN interface 212 and the wired LAN interface 213 transmit Web pages to the client PC 102, for causing a display section, not shown, of the client PC 102 to display various items of Web information.
  • the printer section 202 performs print processing on a sheet fed from a sheet feed cassette, no shown, based on the execution data acquired via the printer interface 206.
  • the scanner section 203 reads an original placed on an original platen glass, not shown, by performing scan processing, to thereby acquire image information and generate image data based on the acquired image information.
  • the console panel 204 is a user interface unit used by a user so as to operate the MFP 101. In the present embodiment, for example, a user operates the console panel 204 to make a setting for issuing an SSL server certificate, a setting for giving priority to which of communication using the wireless LAN interface 212 and communication using the wired LAN interface 213 (hereinafter referred to as the "interface priority setting"), and so forth.
  • FIG. 3 is a schematic block diagram of the software modules 300 executed by the CPU 205 appearing in FIG. 2 .
  • the software modules 300 include a display control module 301, a certificate setting UI module 302, a certificate issuance module 303, a certificate management module 304, a network communication module 305, a Web server module 306, and a Web page generation module 307.
  • the display control module 301 displays a setting menu on the console panel 204, including setting items and setting fields associated with the setting items, respectively, for enabling the user to configure various settings.
  • the display control module 301 displays on the console panel 204 a certificate setting menu 600, described hereinafter with reference to FIG. 6 , which is used when generating information for issuing an SSL server certificate (hereinafter referred to as the "certificate setting information").
  • the certificate setting UI module 302 generates display data for displaying the certificate setting menu 600 or the like on the console panel 204.
  • the certificate issuance module 303 issues the SSL server certificate of the MFP 101 based on the set certificate setting information.
  • the certificate management module 304 manages the SSL server certificate of the MFP 101, which has been issued by the certificate issuance module 303.
  • the network communication module 305 controls wireless communication using the wireless LAN interface 212 and wired communication using the wired LAN interface 213. Further, the network communication module 305 manages various settings of the DNS server 103, and manages the setting statuses of an FQDN and an mDNS name, described hereinafter, for performing wireless communication and wired communication.
  • the Web server module 306 controls the Web page generation module 307.
  • the Web page generation module 307 generates Web pages for displaying Web information e.g. on the display section of the client PC 102 using HTTP communication and SSL communication.
  • the Web page generation module 307 when settings for issuing the SSL server certificate of the MFP 101 are made from the client PC 102, the Web page generation module 307 generates a certificate setting Web page for displaying the certificate setting menu 600, described hereinafter, on the client PC 102. Further, when a certificate signing request (CSR) for requesting the issuance of an SSL server certificate (hereinafter referred to as "certified SSL server certificate”) from a certification authority or the like for certifying SSL server certificates is sent from the MFP 101, the Web page generation module 307 generates certificate setting transmission data to be transmitted to the certification authority.
  • CSR certificate signing request
  • FIG. 4 is a flowchart of a Web page generation process performed by the MFP 101 appearing in FIG. 1 .
  • the Web page generation process in FIG. 4 is performed by the CPU 205 that executes the control programs stored in the ROM 206 and the HDD 208.
  • a common name included in the SSL server certificate and identification information of the MFP 101 included in URL information used when the client PC 102 communicates with the MFP 101 are required to correspond to each other, e.g. to match each other, but there is a case where a proper common name is not set e.g. due to a user's erroneous input of the certificate setting information for issuing the SSL server certificate.
  • common name information 601 described hereinafter, corresponding to the common name of the SSL server certificate is set in the certificate setting information, based on the identification information of the MFP 101, which is included in URL information used for network communication. Note that the Web page generation process in FIG. 4 is performed assuming that the certificate setting information is set by the client PC 102.
  • the CPU 205 receives from an apparatus capable of performing HTTP communication, for example, the client PC 102, an HTTP communication request 500, shown in FIG. 5 , for requesting execution of HTTP communication, and when the CPU 205 receives the HTTP communication request 500 (YES to a step S401) (the operation of a reception unit).
  • the HTTP communication request 500 includes host header information 501 (identification information) (e.g. "hoge.xxx.co.jp") for identifying the MFP 101 which is a destination to which execution of HTTP communication is requested by the client PC 102, and URL information 502 (e.g.
  • the URL information 502 includes host information 503 (e.g. "hoge.xxx.co.jp") for identifying the MFP 101, and the host information 503 corresponds to, for example, matches the host header information 501.
  • the CPU 205 executes the Web page generation module 307, and acquires the host header information 501 from the HTTP communication request 500 (step S402) (the operation of an acquisition unit).
  • the host header information 501 included in the HTTP communication request 500 is used as the information for identifying the MFP 101
  • the host information 503 since the host information 503 corresponds to the host header information 501, the host information 503 may be used as the information for identifying the MFP 101.
  • the CPU 205 generates the certificate setting Web page (Web page for issuing a certificate) based on the acquired host header information 501 (step S403).
  • a certificate setting Web page As one in which "hoge.xxx.co.jp" corresponding to the host header information 501 is set as an initial value (default value) of the common name information 601 in the certificate setting menu 600 (operation of a generation unit).
  • the CPU 205 transmits the generated certificate setting Web page to the client PC 102 (step S404) (operation of a transmission unit).
  • the client PC 102 displays on the display section thereof the certificate setting menu 600 on which "hoge.xxx.co.jp" corresponding to the host header information 501 is set based on the received certificate setting Web page as the initial value of the common name information 601.
  • the CPU 205 terminates the present process after executing the step S404.
  • the certificate setting menu 600 includes "hoge.xxx.co.jp" corresponding to the host header information 501 as the initial value of the common name information 601, and hence the user can easily set "hoge.xxx.co.jp" corresponding to the host header information 501 as the common name in the certificate setting information.
  • the host header information 501 for identifying the MFP 101 which is included in the HTTP communication request 500 for requesting execution of HTTP communication, is set as the initial value of the common name information 601 included in the certificate setting menu 600 for use in setting the certificate setting information.
  • the initial value of the common name information 601 is set based on the host header information 501 and is displayed to the user, and hence it is possible to prevent the user from setting information which does not correspond to the host header information 501 as the common name information 601.
  • the second embodiment is basically the same in configuration and operation as the above-described first embodiment, and is different from the first embodiment in that the setting of the certificate setting information is performed from the console panel 204 of the MFP 101. Accordingly, the following description will be given only of different points from the first embodiment while omitting redundant description of the same configuration and operation.
  • FIG. 7 is a flowchart of a certificate setting information generation process performed by the MFP 101 as an information processing apparatus according to the second embodiment.
  • the SSL communication destination is the client PC 102 in which the certificate setting information has been set
  • the common name corresponding to the identification information of the MFP 101 to be used by the client PC 102 is set.
  • the SSL communication destination is indefinite, even if the above-described first embodiment is applied, the common name and the identification information of the MFP 101 as the SSL communication destination do not necessarily correspond to each other, and hence it is sometimes impossible to perform SSL communication.
  • the common name information 601 included in the certificate setting information for issuing the SSL server certificate is set based on network setting information 800, described hereinafter.
  • the certificate setting information generation process in FIG. 7 is performed by the CPU 205 that executes the control programs stored in the ROM 206 and the HDD 208. Note that the certificate setting information generation process in FIG. 7 is performed assuming that the certificate setting information is set from the console panel 204.
  • the CPU 205 determines whether or not both of the wireless LAN interface 212 and the wired LAN interface 213 are in a communicable state (step S701).
  • step S701 If it is determined in the step S701 that one of the wireless LAN interface 212 and the wired LAN interface 213 is in the communicable state, the CPU 205 proceeds to a step S703 without executing a step S702.
  • the CPU 205 determines one of the wireless LAN interface 212 and the wired LAN interface 213 as a priority interface to which the priority of communication is given (step S702).
  • the priority interface is determined based on the interface priority setting set by a user's operation on the console panel 204 in advance.
  • the CPU 205 executes the certificate setting UI module 302, and acquires the network setting information 800 shown in FIG. 8 , which corresponds to the priority interface.
  • the network setting information 800 includes the host name, the domain name, and the IP address for identifying the MFP 101 when the MFP 101 performs communication, and one of these information items is used, as the identification information of the MFP 101, for the URL information for performing communication with the MFP 101.
  • the CPU 205 determines from the acquired network setting information 800 an Internet Protocol which is compatible with a network environment in which the MFP 101 performs communication (step S703). In general, one of IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) is used as the Internet Protocol.
  • the CPU 205 determines, one of IPv4 and IPv6, in which values of settings thereof are set in the network setting information 800, as the Internet Protocol which is compatible with the above-mentioned network environment. For example, if values of settings of IPv6 are set therein, the CPU 205 judges that IPv6 is the Internet Protocol compatible with the network environment, whereas if only values of settings of IPv4 are set therein, the CPU 205 judges that IPv4 is the Internet Protocol compatible with the network environment.
  • the CPU 205 determines whether or not information for FQDNv6 is set in the network setting information 800 (step S704).
  • FQDNv6 is set based on the IPv6 host name and the IPv6 domain name of the network setting information shown in FIG. 8 .
  • step S704 If it is determined in the step S704 that FQDNv6 is set, there is a high possibility that the network environment of the MFP 101 is compatible with communication using FQDNv6, and hence the CPU 205 judges that communication using FQDNv6 is to be performed, and sets an initial value of the common name information 601 of the certificate setting information based on FQDNv6 (step S705).
  • URL information used for performing communication with the MFP 101 not only an FQDN (FQDNv4 or FQDNv6) and an IP address (IPv4 address or IPv6 address) for identifying the MFP 101, but also an mDNS name (mDNSv4 or mDNSv6 name) for identifying the MFP 101 is used, in general, the FQDN and the mDNS name which enable the user to visually and easily identify the MFP 101 are more widely used than the IP address. Further, in general, the FQDN in which a host name and a domain name assigned from the DNS server can be directly used is more widely used than the mDNS name which adds information, such as ".local", to the host name and the domain name.
  • the priority of URL information to be used is in the order of an FQDN, an mDNS name, and an IP address. Accordingly, in the present embodiment, processing for determining the setting information is performed for an FQDN, an mDNS name, and an IP address in the mentioned order. After executing the step S705, the CPU 205 terminates the present process.
  • step S704 If it is determined in the step S704 that FQDNv6 is not set, there is a high possibility that the network environment of the MFP 101 is incompatible with communication using FQDNv6, and hence the CPU 205 judges that communication using FQDNv6 is not to be performed and determines whether or not the setting of mDNSv6 is valid (step S706). In the present embodiment, whether or not the setting of mDNSv6 is valid is determined based on the setting of mDNSv6 managed by the network communication module 305.
  • step S706 If it is determined in the step S706 that the setting of mDNSv6 is valid, there is a high possibility that the network environment of the MFP 101 is compatible with communication using mDNSv6, and hence the CPU 205 judges that communication using mDNSv6 is to be performed and sets the initial value of the common name information 601 of the certificate setting information based on mDNSv6 (step S707), followed by terminating the present process.
  • step S706 If it is determined in the step S706 that the setting of mDNSv6 is not valid, there is a high possibility that the network environment of the MFP 101 is incompatible with communication using mDNSv6, and hence the CPU 205 judges that communication using mDNSv6 is not to be performed and sets the initial value of the common name information 601 of the certificate setting information based on the IPv6 address (step S708), followed by terminating the present process.
  • the CPU 205 determines whether or not FQDNv4 is set in the network setting information 800 (step S709).
  • FQDNv4 is set based on the IPv4 host name and the IPv4 domain name of the network setting information shown in FIG. 8 .
  • step S709 If it is determined in the step S709 that FQDNv4 is set, there is a high possibility that the network environment of the MFP 101 is compatible with communication using FQDNv4, and hence the CPU 205 judges that communication using FQDNv4 is to be performed and sets the initial value of the common name information 601 of the certificate setting information based on FQDNv4 (step S710), followed by terminating the present process.
  • step S709 If it is determined in the step S709 that FQDNv4 is not set, there is a high possibility that the network environment of the MFP 101 is incompatible with communication using FQDNv4, and hence the CPU 205 judges that communication using FQDNv4 is not to be performed and determines whether or not the setting of mDNSv4 is valid (step S711). In the present embodiment, whether or not the setting of mDNSv4 is valid is determined based on the setting of mDNSv4 managed by the network communication module 305.
  • step S711 If it is determined in the step S711 that the setting of mDNSv4 is valid, there is a high possibility that the network environment of the MFP 101 is compatible with communication using mDNSv4, and hence the CPU 205 judges that communication using mDNSv4 is to be performed and sets the initial value of the common name information 601 of the certificate setting information based on mDNSv4 (step S712), followed by terminating the present process.
  • step S711 If it is determined in the step S711 that the setting of mDNSv4 is not valid, there is a high possibility that the network environment of the MFP 101 is incompatible with communication using mDNSv4, and hence the CPU 205 judges that communication using mDNSv4 is not to be performed and sets the initial value of the common name information 601 of the certificate setting information based on the IPv4 address (step S713), followed by terminating the present process.
  • the user sets the certificate setting information using the certificate setting menu 600 displayed on the console panel 204
  • the FQDN, the IP address, or the mDNS for identifying the MFP 101 (hereinafter referred to as the "the FQDN, IP address or mDNS of the MFP 101") included in the network setting information 800 is set as the initial value of the common name information 601 in the certificate setting menu 600, and hence the user can easily set the FQDN, IP address or mDNS of the MFP 101 as the common name in the certificate setting information.
  • the FQDN, IP address or mDNS of the MFP 101 included in the network setting information 800 is set as the initial value of the common name information 601 included in the certificate setting information for issuing the SSL server certificate.
  • the common name information 601 is not corresponding to the FQDN, IP address or mDNS of the MFP 101, which is the identification information of the MFP 101, which makes it possible to generate the SSL server certificate based on the certificate setting information in which the common name information 601 corresponding to the network setting information 800 is set, which in turn makes it possible to perform SSL communication.
  • the certificate setting information including the common name information 601 may be transmitted (operation of a transmission unit) to an apparatus for issuing certified SSL server certificates or the like (certificate issuing apparatus), which is managed by the certification authority, and the apparatus may issue the certified SSL server certificate based on the received certificate setting information.
  • the common name information 601 included in the certificate setting information for issuing the certified authenticated SSL server certificate is made correspondent to the host header information 501 for identifying the MFP 101 or the FQDN, IP address, or mDNS of the MFP 101, which makes it possible to perform SSL communication.
  • the plurality of candidates may be displayed in the setting field of the common name information 601 of the certificate setting information in a manner selectable by a user, and the candidate selected by the user out of the plurality of candidates may be set as the common name information 601. This makes it possible to easily reflect the intention of selection of the user concerning the certificate setting information on the common name information 601.
  • a setting which is not set as the common name information 601 may be set as a subject alternative name which is other identifying information for identifying the MFP 101.
  • SSL communication can be performed also based on the subject alternative name, and hence even in a case where it is impossible to perform confirmation or the like of correspondence between the common name information 601 and the identification information of the MFP 101, it is possible to perform SSL communication by using the subject alternative name.
  • the third embodiment is basically the same in configuration and operation as the above-described second embodiment, and is different from the first and second embodiments in that a warning notification is displayed in a case where the common name information 601 and the network setting information 800 do not correspond to each other. Therefore, the following description will be given only of different points from the first and second embodiments while omitting redundant description of the same configuration and operation.
  • FIG. 9 is a flowchart of a certificate generation process performed by the MFP 101 as an information processing apparatus according to the third embodiment.
  • the common name information 601 of the certificate setting information set in the second embodiment is reset by a user, but in this case, a proper common name is sometimes not set e.g. due to a user's erroneous input of the certificate setting information.
  • a warning notification 1000 described hereinafter with reference to FIG. 10 is displayed on the console panel 204.
  • the certificate generation process in FIG. 9 is performed by the CPU 205 that executes the control programs stored in the ROM 206 and the HDD 208.
  • the CPU 205 acquires the common name information 601 set in the certificate setting menu 600 before starting processing for issuing the SSL server certificate (step S902). Then, the CPU 205 acquires the network setting information 800, and determines whether or not the common name information 601 and the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800 correspond to each other (step S903).
  • the network setting information 800 not only the network setting information 800, but also various information used for performing network communication, acquired from the DNS server 103, may be used.
  • the CPU 205 performs processing for issuing the SSL server certificate based on the certificate setting information set in the certificate setting menu 600 to issue the SSL server certificate of the MFP 101 (step S904), followed by terminating the present process.
  • the CPU 205 displays the warning notification 1000 shown in FIG. 10 on the console panel 204 (step S905).
  • the warning notification 1000 displays a message to the effect that there is a possibility of erroneous setting of the common name information 601, a continue button 1001 for performing resetting of the certificate setting information, and a cancel button 1002 for not performing resetting of the certificate setting information.
  • the CPU 205 determines which of the continue button 1001 and the cancel button 1002 has been depressed (step S906).
  • step S906 If it is determined in the step S906 that the continue button 1001 has been depressed, the CPU 205 displays the certificate setting menu 600 on the console panel 204 (step S907). This enables the common name information 601 to be reset. Then, the CPU 205 returns to the step S901 after executing the step S907.
  • the CPU 205 executes the step S904 without resetting the common name information 601, followed by terminating the present process.
  • the warning notification 1000 is displayed on the console panel 204.
  • SSL communication in the present embodiment is performed on condition that the common name information 601 included in the certificate setting information corresponds to the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800, by thus displaying the warning notification 1000, it is possible to prevent the common name information 601 from not corresponding to the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800, which in turn makes it possible to perform SSL communication.
  • the fourth embodiment is basically the same in configuration and operation as the above-described second and third embodiments, and is different from the second and third embodiments in that a warning notification is displayed on the console panel 204 in a case where the network setting information 800 and the common name included in the SSL server certificate do not correspond to each other. Therefore, the following description will be given only of different points from the second and third embodiments while omitting redundant description of the same configuration and operation.
  • FIG. 11 is a flowchart of a warning display control process performed by the MFP 101 as an information processing apparatus according to the fourth embodiment.
  • the common name information 601 corresponds to the network setting information 800 when issuing the SSL server certificate
  • the common name is also changed, and hence it becomes impossible to perform SSL communication using the issued SSL server certificate.
  • a warning notification 1201 shown in FIG. 12 is displayed on the console panel 204.
  • the warning display control process in FIG. 11 is performed by the CPU 205 that executes the control programs stored in the ROM 206 and the HDD 208.
  • the CPU 205 determines whether or not the changed information is information concerning the common name (step S1102).
  • the information concerning the common name refers specifically to the IPv4 address, the IPv4 host name, the IPv4 domain name, the IPv6 address, the IPv6 host name, and the IPv6 domain name, i.e. the FQDN, the mDNS name, and the IP address.
  • the CPU 205 determines that the changed information is the information concerning the common name.
  • the CPU 205 determines that the changed information is not the information concerning the common name.
  • the CPU 205 determines whether or not the SSL server certificate exists (step S1103).
  • the CPU 205 acquires the common name included in the SSL server certificate, and determines whether or not the acquired common name corresponds to the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800 (step S1104).
  • the CPU 205 displays the warning notification 1201, shown in FIG. 12 , to the effect that the common name in the SSL server certificate does not match the setting, on the console panel 204 (step S1105), followed by terminating the present process.
  • the CPU 205 terminates the present process.
  • the warning notification 1201 is displayed.
  • SSL communication is performed on condition that the common name included in the SSL server certificate corresponds to the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800, by thus displaying the warning notification 1201, it is possible to prevent the common name from not corresponding to the FQDN, IP address or mDNS of the MFP 101 in the network setting information 800, which in turn makes it possible to perform SSL communication.
  • Embodiment(s) of the present invention can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a 'non-transitory computer-readable storage medium') to perform the functions of one or more of the above-described embodiment(s) and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiment(s), and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiment(s) and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiment(s).
  • computer executable instructions e.g., one or more programs
  • a storage medium which may also be referred to more fully as
  • the computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions.
  • the computer executable instructions may be provided to the computer, for example, from a network or the storage medium.
  • the storage medium may include, for example, one or more of a hard disk, a random-access memory (RAM), a read only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)TM), a flash memory device, a memory card, and the like.
  • An information processing apparatus information processing apparatus capable of setting proper identifying information for identifying the information processing apparatus, and performing SSL communication.
  • the information processing apparatus is capable of performing SSL communication and issuing a certificate.
  • a CPU of the apparatus receives a request for acquiring a Web page for use in issuing the Web page.
  • the CPU acquires identification information of the apparatus from the request received from the client.
  • the CPU generates the Web page which is for use in issuing the certificate and in which the identification information of the apparatus is set.
  • the CPU transmits the generated Web page to the client as a response to the request.
EP16151010.2A 2015-01-14 2016-01-13 Information processing apparatus capable of performing ssl communication, method of controlling the same, and storage medium Active EP3046306B1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2015004927A JP6521640B2 (ja) 2015-01-14 2015-01-14 情報処理装置及びその制御方法、並びにプログラム

Publications (2)

Publication Number Publication Date
EP3046306A1 EP3046306A1 (en) 2016-07-20
EP3046306B1 true EP3046306B1 (en) 2020-03-11

Family

ID=55168144

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16151010.2A Active EP3046306B1 (en) 2015-01-14 2016-01-13 Information processing apparatus capable of performing ssl communication, method of controlling the same, and storage medium

Country Status (4)

Country Link
US (1) US10200200B2 (ja)
EP (1) EP3046306B1 (ja)
JP (1) JP6521640B2 (ja)
KR (1) KR101979488B1 (ja)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4900891B2 (ja) * 2005-04-27 2012-03-21 キヤノン株式会社 通信装置及び通信方法
JP6891580B2 (ja) * 2017-03-24 2021-06-18 富士フイルムビジネスイノベーション株式会社 通信装置およびプログラム
JP6676587B2 (ja) * 2017-06-16 2020-04-08 キヤノン株式会社 印刷制御装置、制御方法、プログラム
JP6904826B2 (ja) * 2017-07-14 2021-07-21 キヤノン株式会社 情報処理装置及びその制御方法、並びにプログラム
CN109922027B (zh) * 2017-12-13 2020-08-28 中国移动通信集团公司 一种可信身份认证方法、终端及存储介质
CN108810163B (zh) * 2018-06-27 2021-08-17 奇安信科技集团股份有限公司 自签名ssl证书处理系统及方法
JP7163083B2 (ja) * 2018-06-29 2022-10-31 キヤノン株式会社 情報処理装置、情報処理装置の制御方法、及び、プログラム
JP2021056859A (ja) * 2019-09-30 2021-04-08 キヤノン株式会社 情報処理装置、プログラム及び制御方法

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850186B2 (en) * 2006-01-17 2014-09-30 Canon Kabushiki Kaisha Change in identification information causing request for new certificate issuance

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7216292B1 (en) * 1999-09-01 2007-05-08 Microsoft Corporation System and method for populating forms with previously used data values
US7711122B2 (en) * 2001-03-09 2010-05-04 Arcot Systems, Inc. Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
JP3987710B2 (ja) * 2001-10-30 2007-10-10 株式会社日立製作所 認定システムおよび認証方法
US7430755B1 (en) * 2002-09-03 2008-09-30 Fs Networks, Inc. Method and system for providing persistence in a secure network access
US7788495B2 (en) * 2003-06-03 2010-08-31 Microsoft Corporation Systems and methods for automated configuration of secure web site publishing
US8915967B2 (en) * 2003-12-19 2014-12-23 Patrick Leahy Anti reflux system
JP4791818B2 (ja) 2005-02-16 2011-10-12 株式会社リコー 被管理装置、管理システム、被管理装置の制御方法、プログラム及び記録媒体
JP4835177B2 (ja) * 2006-01-31 2011-12-14 ブラザー工業株式会社 証明書発行装置及びプログラム
JP4789647B2 (ja) * 2006-02-20 2011-10-12 パナソニック株式会社 モータ駆動装置
JP2009001855A (ja) * 2007-06-21 2009-01-08 Hitachi Ltd 表面に陽極酸化皮膜が形成された部材及び陽極酸化処理方法
CN101828358B (zh) * 2007-06-27 2012-07-04 环球标志株式会社 服务器认证书发行系统
JP4128610B1 (ja) * 2007-10-05 2008-07-30 グローバルサイン株式会社 サーバ証明書発行システム
WO2009006318A1 (en) * 2007-06-29 2009-01-08 Artificial Muscle, Inc. Electroactive polymer transducers for sensory feedback applications
JP2009200565A (ja) 2008-02-19 2009-09-03 Murata Mach Ltd デジタル複合機
US20140259131A1 (en) * 2013-03-06 2014-09-11 Go Daddy Operating Company, LLC Method for creating a security certificate

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850186B2 (en) * 2006-01-17 2014-09-30 Canon Kabushiki Kaisha Change in identification information causing request for new certificate issuance

Also Published As

Publication number Publication date
KR101979488B1 (ko) 2019-05-16
JP6521640B2 (ja) 2019-05-29
EP3046306A1 (en) 2016-07-20
JP2016130941A (ja) 2016-07-21
US10200200B2 (en) 2019-02-05
KR20160087753A (ko) 2016-07-22
US20160204947A1 (en) 2016-07-14

Similar Documents

Publication Publication Date Title
EP3046306B1 (en) Information processing apparatus capable of performing ssl communication, method of controlling the same, and storage medium
WO2015151526A1 (en) Printer registration apparatus, display apparatus, and method for printer registration
US9774635B2 (en) Information processing system, device, and information processing method
US9454718B2 (en) Printer, print control device, print system, printing method, and computer-readable medium for providing specific print setting information
JP5274294B2 (ja) 情報処理装置及びその制御方法、並びに画像処理装置及びその制御方法
CN103218188B (zh) 信息处理设备及其控制方法和图像形成系统
JP5862240B2 (ja) 情報処理装置、制御システム、制御方法、制御プログラム、及びそのプログラムを記録した記録媒体
JP6117165B2 (ja) 画像形成装置、画像形成システムおよびジョブ管理プログラム
JP6946074B2 (ja) 画像形成装置及びその制御方法、並びにプログラム
US10361872B2 (en) Verifying validity of a certificate of a public key using both of a revocation list and querying a verification server
JP2014016674A (ja) 出力システム、出力制御装置及び出力制御プログラム
US10560590B2 (en) Information processing apparatus equipped with communication functions, control method therefor, and storage medium
US11614904B2 (en) Printing device, information processing device, and control method and medium for the same
US9501252B2 (en) Method and apparatus for secure image data processing
US10936263B2 (en) Communication terminal, method of controlling same, and storage medium
US20220353250A1 (en) Information processing apparatus, method of controlling the same, and storage medium
US10958736B2 (en) Information processing apparatus, method of controlling the information processing apparatus, and storage medium
EP2843927B1 (en) Image forming system, image forming apparatus, and non-transitory computer readable recording medium storing a setup program
US11954381B2 (en) System includes server, printing apparatus, information processing apparatus to provide a technique for specifying a physical printer associated with a logical printer, and non-transitory storage medium
JP2022164049A (ja) 情報処理装置とその制御方法、及びプログラム
JP2017022462A (ja) 画像処理装置、その制御方法及びプログラム
JP2021083002A (ja) 情報処理装置、情報処理方法及びプログラム
JP2023084817A (ja) 情報処理装置、情報処理方法及びプログラム
JP2016081438A (ja) 画像形成システム
KR20220164425A (ko) 정보 처리 시스템, 정보 처리 장치, 및 그 제어 방법

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170120

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20180305

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20190729

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1244561

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200315

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602016031334

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200611

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20200311

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200611

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200612

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200805

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200711

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1244561

Country of ref document: AT

Kind code of ref document: T

Effective date: 20200311

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602016031334

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

26N No opposition filed

Effective date: 20201214

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210113

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20210131

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602016031334

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: H04L0065000000

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210131

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210131

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20210131

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20160113

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20221220

Year of fee payment: 8

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20231219

Year of fee payment: 9

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20231219

Year of fee payment: 9

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200311

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20231219

Year of fee payment: 9